Helios Solutions

loading icon
Slide background
Raja Speet
Cosima Riehl
Soraya Cansse

WordPress version 4.2.2 – Necessary Security and Maintenance release

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

WordPress 4.2.2 was released to address a couple of critical cross-site scripting (XSS) vulnerabilities. WordPress 4.2.2 is a critical security release for all previous versions to address 2 serious security issues: Wordpress-4.2.2 The Genericons icons font package:

This is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins on Wrodpress.org has been updated to address this issue by removing the nonessential file. To protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.

WordPress versions 4.2 and earlier were affected by a XSS vulnerability which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue.

The WordPress 4.2.2 security and maintenance release also includes a hardening for a potential XSS vulnerability in the visual editor. Aside from that it also contains bug fixes found in version 4.2 such as:

  • Attachment URLs should only be forced to SSL on the front end
  • Improve performance of loop detection in_get_term_children()
  • Ensure unintelligible DB schemas don’t result in content loss
  • Bundled Themes: Remove Genericons example.html files
  • When upgrading WordPress remove genericons example.html files

It is important to update the WordPress site to the latest version, websites that support automatic background updates are already beginning to do it, and for others, they can do it manually in the Dashboard, by clicking on “Update Now”.

Website administrators are urged to switch to the new version as soon as possible. If the action cannot be performed with utmost urgency, the security flaw can be mended by deleting the “example.html” file in the genericons folder.

Alternatively, access to this resource can be blocked via security products protecting the website. This is a powerful update for protecting the site from vulnerabilities and the update has become mandatory.

Get in touch with us if you want to hire WordPress Specialist for your wordpress development project and for more information visit http://www.heliossolutions.in/technology/wordpress-web-design-agency/

Related Articles

Embrace WordPress and Engage Your Customers Effectively [Infographic] By Helios

  • March 31, 2017

The popularity of WordPress is gaining momentum with every passing day! WordPress breathes on PHP and owes its inception to […]

How to Choose a WordPress Development Agency for Enterprise Companies?

  • March 24, 2017
  • 5 min. read time

A highly functional website with pleasant user experience can help you build your brand and transform your business with a […]

How Virtual Reality and WordPress are Powering the Future of Web Design?

  • March 17, 2017
  • 3 min. read time

We are already in an era wherein virtual reality (VR) is no more a sci-fi dream but a tangible reality. […]

Leave Comment